Systems, methods, and media for determining fraud patterns and creating fraud behavioral models

ABSTRACT

Systems, methods, and media for analyzing fraud patterns and creating fraud behavioral models are provided herein. In some embodiments, methods for analyzing call data associated with fraudsters may include executing instructions stored in memory to compare the call data to a corpus of fraud data to determine one or more unique fraudsters associated with the call data, associate the call data with one or more unique fraudsters based upon the comparison, generate one or more voiceprints for each of the one or more identified unique fraudsters from the call data, and store the one or more voiceprints in a database.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.14/337,106, filed Jul. 21, 2014, entitled “SYSTEMS, METHODS, AND MEDIAFOR DETERMINING FRAUD PATTERNS AND CREATING FRAUD BEHAVIORAL MODELS,”which is a continuation of U.S. patent application Ser. No. 13/290,011,filed Nov. 4, 2011, entitled “SYSTEMS, METHODS, AND MEDIA FORDETERMINING FRAUD PATTERNS AND CREATING FRAUD BEHAVIORAL MODELS,” whichis a continuation-in-part and claims benefit of and priority to U.S.patent application Ser. No. 11/754,974, filed on May 29, 2007, entitled“METHOD AND SYSTEM FOR SCREENING USING VOICE DATA AND METADATA,” whichin turn claims the benefit of and priority to U.S. ProvisionalApplications 60/923,195, filed on Apr. 13, 2007, entitled “SeedingTechniques and Geographical Optimization Details for a Fraud DetectionSystem that uses Voiceprints,” and 60/808,892, filed on May 30, 2006,entitled “Optimizations for a Fraud Detection System that usesVoiceprints;” this application is also a continuation-in-part and claimsbenefit of and priority to U.S. patent application Ser. No. 11/754,975,filed on May 29, 2007, entitled “Method and System to Seed a VoiceDatabase,” which in turn claims the benefit of and priority to U.S.Provisional Applications 60/923,195, filed on Apr. 13, 2007, entitled“Selecting Techniques and Geographical Optimization Details for a FraudDetection System that uses Voiceprints,” and 60/808,892, filed on May30, 2006, entitled “Optimizations for a Fraud Detection System that usesVoiceprints;” this application is also a continuation-in-part and claimsbenefit of and priority to U.S. patent application Ser. No. 12/352,530,filed on Jan. 12, 2009, entitled “BUILDING WHITELISTS COMPRISINGVOICEPRINTS NOT ASSOCIATED WITH FRAUD AND SCREENING CALLS USING ACOMBINATION OF A WHITELIST AND BLACKLIST,” which in turn claims thebenefit of and priority to U.S. Provisional Applications 61/197,848,filed Oct. 31, 2008, entitled “Voice biometrics based fraud managementsystem,” and 61/010,701, filed Jan. 11, 2008, entitled “Optimizations &extensions of a system to detect fraud using voiceprints;” thisapplication is also a continuation-in-part and claims benefit of andpriority to U.S. patent application Ser. No. 12/856,200, filed on Aug.13, 2010, entitled “SPEAKER VERIFICATION-BASED FRAUD SYSTEM FOR COMBINEDAUTOMATED RISK SCORE WITH AGENT REVIEW AND ASSOCIATED USER INTERFACE,”which in turn claims the benefit of and priority to U.S. ProvisionalApplication 61/335,677, filed on Jan. 11, 2010, entitled “Method forcorrelating fraud audio to textual fraud reports using word spotting;”this application is also a continuation-in-part and claims benefit ofand priority to U.S. patent application Ser. No. 12/856,118, filed onAug. 13, 2010, entitled “METHOD AND SYSTEM FOR GENERATING A FRAUD RISKSCORE USING TELEPHONY CHANNEL BASED AUDIO AND NON-AUDIO DATA,” which inturn claims the benefit of and priority to U.S. Provisional Applications61/335,677, filed on Jan. 11, 2010, entitled “Method for correlatingfraud audio to textual fraud reports using word spotting;” thisapplication is also a continuation-in-part and claims benefit of andpriority to U.S. patent application Ser. No. 12/856,037, filed on Aug.13, 2010, entitled “METHOD AND SYSTEM FOR ENROLLING A VOICEPRINT IN AFRAUDSTER DATABASE,” which in turn claims the benefit of and priority toU.S. Provisional Applications 61/335,677, filed on Jan. 11, 2010. Eachof the aforementioned Non-Provisional U.S. Patent Applications is acontinuation-in-part and claims benefit of and priority to U.S. patentapplication Ser. No. 11/404,342, filed on Apr. 14, 2006, entitled“Method and System to detect fraud using voice data,” which in turnclaims the benefit of U.S. Provisional Application 60/673,472, filed onApr. 21, 2005, entitled “Detecting Fraudulent Use of Financial AccountNumbers Using Voiceprints.” All of the above references are herebyincorporated by reference herein in their entirety. This application isalso a continuation-in-part and claims the benefit of and priority toU.S. patent application Ser. No. 13/278,067, filed on Oct. 20, 2011,entitled “Method and System for Screening Using Voice Data andMetadata,” which in turn is a continuation of and claims the benefit ofand priority to U.S. patent application Ser. No. 11/754,974, filed onMay 29, 2007, entitled “METHOD AND SYSTEM FOR SCREENING USING VOICE DATAAND METADATA,” which in turn claims the benefit of and priority to U.S.Provisional Applications 60/923,195, filed on Apr. 13, 2007, entitled“Seeding Techniques and Geographical Optimization Details for a FraudDetection System that uses Voiceprints,” and 60/808,892, filed on May30, 2006, entitled “Optimizations for a Fraud Detection System that usesVoiceprints,” all of which are hereby incorporated by reference hereinin their entirety.

FIELD OF THE TECHNOLOGY

Embodiments of the disclosure relate to methods and systems for frauddetection. Systems and methods may be utilized to identify fraudpatterns within call data (either manually or by way of fraud detectionapplications) and create fraud behavioral models to detect fraud.

BACKGROUND OF THE DISCLOSURE

Fraud such as credit card fraud and identity fraud are common. To dealwith fraud, enterprises such as merchants and banks use a variety offraud detection systems. However, these fraud detection systems aresusceptible to becoming obsolete within a short time because fraudsterschange their methods of perpetrating fraud in order to maneuver pastsuch fraud detection systems.

SUMMARY OF THE DISCLOSURE

According to some embodiments, the present technology may be directed tomethods for analyzing call data associated with fraudsters. Thesemethods may include executing instructions stored in memory, theinstructions executable by a processor, to: (a) in response to receivingcall data associated with fraudsters, compare the call data to a corpusof fraud data to determine one or more unique fraudsters associated withthe call data; (b) associate the call data with one or more uniquefraudsters based upon the comparison; (c) generate one or morevoiceprints for each of the one or more identified unique fraudstersfrom the call data; and (d) store the one or more voiceprints in a database.

In other embodiments, the present technology may be directed to methodsfor identifying fraud patterns in call data that include executinginstructions stored in memory, the instructions executable by aprocessor, for: (a) analyzing call data associated with fraudstersutilizing voice recognition techniques, the call data being received bya web server associated with one or more entities; (b) determiningkeywords included in the call data that are indicative of fraud; (c)identifying fraud patterns from the keywords; and (d) storing the fraudpatterns in a database communicatively coupled with the web server.

In other embodiments, the present technology may be directed to systemsfor identifying fraud patterns in call data. These systems may include(a) a memory for storing executable instructions; (b) a processor forexecuting the instructions, the executable instructions including: (a)an analytics engine that analyzes call data associated with fraudstersutilizing voice recognition techniques, the call data being received bya web server associated with one or more entities; and determineskeywords included in the call data that are indicative of fraud; and (b)a fraud pattern identifying module that identifies fraud patterns fromthe keywords and stores the fraud patterns in a database communicativelycoupled with the web server.

In other embodiments, the present technology may be directed tonontransitory computer readable storage media having a program embodiedthereon. In some embodiments, the program is executed by a processor toperform a method for analyzing call data. These methods may include: (a)responsive to receiving call data associated with fraudsters, comparethe call data to a corpus of fraud data to determine one or more uniquefraudsters associated with the call data; (b) associate the call datawith one or more unique fraudsters based upon the comparison; (c)generate one or more voiceprints for each of the one or more identifiedunique fraudsters from the call data; and (d) store one or morevoiceprints in a database.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, where like reference numerals refer toidentical or functionally similar elements throughout the separateviews, together with the detailed description below, are incorporated inand form part of the specification, and serve to further illustrateembodiments of concepts that include the claimed disclosure, and explainvarious principles and advantages of those embodiments.

The methods and systems disclosed herein have been represented whereappropriate by conventional symbols in the drawings, showing only thosespecific details that are pertinent to understanding the embodiments ofthe present disclosure so as not to obscure the disclosure with detailsthat will be readily apparent to those of ordinary skill in the arthaving the benefit of the description herein.

FIG. 1 is a pictorial representation of an exemplary system for frauddetection, in accordance with various embodiments of the presentdisclosure;

FIG. 2 shows an exemplary architecture of a call center of FIG. 1, inaccordance with various embodiments of the present disclosure;

FIG. 3 shows an exemplary architecture of a Fraud Detection System ofFIG. 1, in accordance with various embodiments of the presentdisclosure;

FIGS. 4A and 4B illustrate an exemplary timing diagram that illustratesa sequence of events in an exemplary method for fraud detection, inaccordance with various embodiments of the present disclosure;

FIG. 5 shows an exemplary flowchart illustrating fraud marking, inaccordance with various embodiments of the present disclosure;

FIG. 6 shows an exemplary flowchart illustrating identifying uniquefraudsters, in accordance with various embodiments of the presentdisclosure;

FIG. 7 shows an exemplary matrix comparison of voiceprints; and groupsof voiceprints formed after the matrix comparison, in accordance withvarious embodiments of the present disclosure;

FIG. 8 shows an exemplary flowchart illustrating affiliate fraud, inaccordance with various embodiments of the present disclosure

FIGS. 9-12 show exemplary fraud analytics reports illustrating fraudpatterns, in accordance with various embodiments of the presenttechnology; and

FIG. 13 shows exemplary computing system hardware to implement theexemplary methods and systems disclosed herein.

DETAILED DESCRIPTION

In the following description, for purposes of explanation, numerousspecific details are set forth in order to provide a thoroughunderstanding of the disclosure. It will be apparent, however, to oneskilled in the art, that the disclosure may be practiced without thesespecific details. In other instances, structures and devices are shownat block diagram form only in order to avoid obscuring the disclosure.

Broadly, the present disclosure provides for systems and methodsconfigured to identify fraud patterns and create Fraud Behavioral Models(FBMs) relating to fraudsters. It will be understood that fraudsters maybe a part of a community that perpetrates fraud by illicitly usinginformation of certain individuals for their (the fraudsters) ownbenefit. The information may include any type of sensitive information,such as social security numbers, credit card details, and so forth,which may be used by the fraudster to perpetrate fraud. Common types offraud may include the unauthorized use of credit card data, for example,the use of a credit card without the consent of the name cardholder.

A pattern of fraud perpetrated by the fraudsters may be understood byidentifying fraud patterns, whereas a pattern of behavior of a fraudster(who perpetrated one or more frauds) may be understood by identifying aFBM. In other words, the fraud patterns may provide information relatingto a fraud activity, whereas the FBM may provide information relating toparticular fraudsters or groups of fraudsters.

For example, fraud patterns may provide details about a frequency offraud, a time and a date of fraud, repeated voice accents used toperpetrate fraud, phone numbers called from, a number of calls made,details of the enterprises being victimized, and the like. On the otherhand, an FBM analysis may provide details about behavioralcharacteristics of a fraudster. For example, behavioral characteristicsmay answer the follow questions about a fraudster: Does the fraudsteralways use a new account for making a transaction, does the fraudsteralways order a same item, does the fraudster always order a same numberof an item, does the fraudster always choose for express shipping, andthe like. Advantageously, fraud patterns and FBMs may be used by anenterprise to understand methods/techniques used to perpetrate fraud andbehavioral characteristics of fraudsters. An enterprise may utilizethese fraud patterns and FBMs to prevent fraud in future by screeningnew callers against the fraud patterns and FBMs.

Referring to FIG. 1, a pictorial representation of an exemplaryimplementation of a system for fraud detection is shown, in accordancewith various embodiments of the present disclosure. As can be seen fromFIG. 1, a call center 100, a Fraud Detection System (FDS) 102, and aplurality of callers 104 are shown. The call center 100 may receive andprocess calls on behalf of an enterprise. The enterprise may include amerchant, an insurance company, an affiliate of a company, a bank, atelecommunication company, and the like.

According to some embodiments, the call center 100 may receive callsfrom the plurality of callers 104 (hereinafter “the callers 104”) forgoods and/or services that the enterprise deals in. The callers 104 maycall the call center 100 using a VoIP/Public Switched Telephone Network(PSTN)/mobile network 106. The calls from the callers 104 may berecorded by the call center 100 for fraud detection. It will beunderstood that the callers 104 may include legitimate customers andfraudsters.

The callers 104 may request call center agents (who receive phone calls)to process transactions related to goods/services. In some embodiments,the call center 100 may apply one or more business rules to decide tocall to determine whether to process a transaction directly or to have afraud check performed on the caller.

For example, an exemplary business rule may require all transactionsabove $20 to be fraud checked. If the call center 100 decides to performa fraud check, the call center 100 may initiate the recording of thecall to generate call data of the caller 104. The terms “call data” maybe understood to include not only audio data, but other types of datasuch as caller identification (e.g., the phone number the caller calledfrom), a dialed number identification service information (e.g., phonenumber the caller dialed, agent identification (e.g., the agent thathandled the call, timestamp-date and time of call), type of call (e.g.,subject matter of the call), an account or order identification (e.g.,some unique transaction or account identifier that the call was inreference to), and a shipping zip code (e.g., if a product was to bedelivered to a particular location), and so forth. The above-describedexamples of call data are to be understood to be nonlimiting, and one ofordinary skill in the art will appreciate that many other types of calldata may likewise be utilized in accordance with the present technology.

In some embodiments, all callers are recorded automatically, and calldata is generated for all calls, or only a portion of the recordedcalls.

The call center 100 may communicate the call data to the Fraud DetectionSystem (hereinafter “FDS 102”) using Internet/LAN 108. The FDS 102 mayperform a fraud check on the caller and may produce a fraud check resultas described in greater detail below. It will be understood that the FDS102 may detect any type of fraud; however, for the purposes of brevity,the present disclosure focuses on fraud perpetrated fraudsters utilizingtelephonic devices.

Referring now to FIG. 2, an exemplary architecture for the call center100 of FIG. 1 is shown. The call center 100 may comprise a switch 200for accepting calls via the VoIP/PSTN/mobile network 106 from thecallers 104. The switch 200 may contain a high bandwidth port 202 thatis communicatively coupled with the network 106 and a plurality of lowbandwidth ports such as ports 204 and 206 communicatively coupled withtelephones 208 and 210, respectively. The telephones 208 and 210 may becommunicatively coupled with workstations 212 and 214. It is noteworthyto mention that these workstations may be made available to each agent,respectively.

A telephone and a corresponding workstation may cooperate together toform an integral unit. such as integral units 216 and 218. Each integralunit may be managed by one or more call center agents (hereinafter “theagent”). It may be understood that the call center 100 may have morethan two integral units. Further, the call center 100 may include arouting subsystem 220 communicatively coupled with a CTI server 222which is in turn communicatively coupled with the switch 200 through aCTI link 224. In order to facilitate data communication, a communicationnetwork 226 may be used to digitally couple the routing subsystem 220,the CTI server 222, and the switch 200. It may be understood that inanother embodiment, the call center 100 may have a differentarchitecture without deviating from the scope of the present disclosure.

In some embodiments, the workstations 212 and 214 may be configured torecord conversations between the callers 104 and the agents. The calldata may be sent to the FDS 102 for fraud detection.

Referring now to FIG. 3, an exemplary architecture of the FDS 102 ofFIG. 1 is shown. The FDS 102 may include a web server (or group of webservers associated together in a cloud computing arrangement) thatutilize or execute executable instructions that are configured toidentify fraud patterns and create fraud behavior models from call data.

According to some embodiments, the executable code may include a frauddetection application, hereinafter referred to as “application 300A.”That is, the FDS 102 having the fraud detection application may functionas a particular purpose computing system that identifies fraud patternsand creates fraud behavior models from call data.

According to some embodiments, the application 300A may include areceiver module 300, a Voice Identification Engine (VIE) 302, ananalytics engine 304, a database 306, and a Graphical User Interface(GUI) module 308.

The receiver module 300 may receive call data communicated thereto by atleast one of the workstations 212 and 214. Further, the receiver module300 may communicate the call data to the VIE 302 for uniquelyidentifying fraudsters in the call data. The VIE 302 includes a voiceprinting module 310, a comparator 312, a grouping module 314, a mastervoice printing module 316, and a Fraud Behavioral Model (FBM) generator318.

It is noteworthy that the FDS 102 may include additional modules,engines, or components, and still fall within the scope of the presenttechnology. As used herein, the term “module” may also refer to any ofan application-specific integrated circuit (“ASIC”), an electroniccircuit, a processor (shared, dedicated, or group) that executes one ormore software or firmware programs, a combinational module circuit,and/or other suitable components that provide the describedfunctionality. In other embodiments, individual modules of the FDS 102may include separately configured web servers.

Additionally, as used herein, the term “module” may be understood toinclude computer readable instructions that are executable by aprocessor of a computing system to affect one or more particularfunctionalities. For example, the voice print module may be executed bya processor to generate a voice print of call data. In some embodiments,the VIE 302 may create voiceprints for each fraudster in each of thecall data using the voice printing module 310. Subsequently, thecomparator 312 may compare the voiceprint generated by the voice printmodule 310 with voiceprints of other fraudsters in an attempt todetermine a match.

According to some embodiments, the VIE 302 may group matchingvoiceprints together utilizing the grouping module 314. The groupingmodule 12 314 may form a plurality of groups of voiceprints, eachbelonging to a unique fraudster. In other embodiments, call datacorresponding to each voiceprint may also be grouped together. Eachgroup of voiceprint may be represented by a Master Voice Print (MVP). AMVP for each group of voiceprints may be created by the Master VoicePrinting module 316. The MVP may be screened against voiceprintsresident within database 306 to determine which voiceprints match amaster voiceprint.

Further, a fraud behavioral model, hereinafter “FBM,” may be generatedfor each unique fraudster. In some embodiments, the FBM may be createdby the FBM generator 318 which uses a live agent (human being) thatlistens to call data present in each group via the GUI module 308. Afterlistening to the call data, the live agent may identify or create a FBMfor each fraudster. The FBM may provide information about behavioralcharacteristics of the fraudsters. Since the behavioral characteristicof each fraudster differs, the FBM may distinguish one fraudster fromanother. The generation and utilization of FBMs is described in greaterdetail below with reference to FIG. 4.

In other embodiments, the FBM generator 318 may be configured toautomatically generate an FBM from call data by identifying keywords,phrases, the presence of sensitive information in the call data, andother similar types of information.

After an FBM has been generated, the groups of call data may becommunicated to the analytics engine 304 by the FBM generator 318. Theanalytics engine 304 includes a Fraud Pattern Identifying (FPI) module320 and a reports generator 322. The FPI module 320 may be used foridentifying fraud patterns for each of the unique fraudsters and thereports generator may be used for generating visual graphical reportsbased upon the fraud patterns. The utilization of fraud patterns andfraud analytics reports will be explained below in greater detail withreference to FIG. 4.

Further, in some embodiments, a corpus of fraud data may include FBMs,fraud patterns, and fraud analytics reports. This corpus of fraud datamay be provisioned into the FDS 102 and may be stored in the database306. These provisioned FBMs, fraud patterns, and fraud analytics reportsmay be utilized as a corpus of fraud data against which newly gatheredvoiceprints may be compared.

Referring now to FIGS. 4A and 4B, an exemplary timing diagramillustrating a sequence of events in an exemplary method for frauddetection is shown. Specifically, FIG. 4A shows that, at 400, thecallers 104 may call the call center 100. At 402, the calls may beprocessed by the call center 100. Call processing may include receivingthe call, taking an order from the caller, and recording the call. At404, the call center may accept or deny transactions based on a businessrule. For example, the business rule may advocate acceptance of alltransactions below a threshold amount (e.g., twenty dollars). However,for transactions above a threshold amount, the call center 100 mayrequest that a fraud check be performed using a prior art fraud checkingsystem (not shown). The prior art fraud checking system may perform afraud check on the caller using known techniques. If the prior art fraudchecking system reveals a suspicious or potentially fraudulenttransaction, the call may be routed to the call center 100 for furtherprocessing. Since the prior art fraud checking systems may be inaccurateand/or inadequate, some of the transactions that are approved by theprior art fraud checking system may, in fact, be fraudulenttransactions.

Therefore, at 406, the call center 100 may receive fraud reports fromcredit card companies for these fraudulent transactions. In oneembodiment, the fraud reports received by the call center 100 may beanalyzed and indexed by the workstations 212 and 214. Fraud reports maybe associated with particular credit cards numbers, transaction numbers,social security numbers that are known to have been used fraudulently.These types of fraud data may be utilized as reference data to compareagainst future call data.

Because fraud techniques vary, it is apparent that many other types offraud data that correspond to fraudulent transactions (e.g., names,locations, accents, and so forth) may also be utilized by the systemsprovided herein. Therefore, other types of fraudulent data that would beknown to one of ordinary skill in the art with the present disclosurebefore them are likewise contemplated for use in accordance with thepresent technology.

Using the indexed fraud reports, the workstations 212 and 214 mayperform a function of fraud marking by segregating or parsing call dataassociated with the fraudsters. Specifically, the workstations 212 and214 may use keyword spotting technology to correlate indexed fraudreports with corresponding callers and then select call data associatedwith fraudsters based upon the correlation as shown in the exemplaryflowchart of FIG. 5.

More specifically, keyword spotting technology may be used to analyzecall data, determine valuable information from call data automatically,and indicate whether specific keywords were mentioned during the call ornot. For example, the keyword spotting technology may be used to find ausage of a credit card number in a call data, thereby correlating thecall data with a fraud report having the same credit card number.

Based upon the fraud marking, at 410, the workstations 212 and 214 maygenerate a recording of call data associated with fraudsters. At 412,the workstations 212 and 214 may transfer the call data associated withfraudsters to the FDS 102. The receiver module 300 in the FDS 102 mayreceive the call data and communicate the same to the VIE 302. The VIE302 may uniquely identify fraudsters in the call data as explained in aflowchart in FIG. 6. Specifically, at 600, the VIE 302 may create avoiceprint for each fraudster in the call data using the voice printingmodule 310.

It will be understood that a voiceprint is a mathematical model which iscreated by extracting features from the call data. A voiceprint may becreated by applying one or more types of voice recognition algorithms tocall data. Subsequent to the creation of voiceprints for the instantcall data, the VIE 302 may compare and score each previously receivedvoiceprint against each of the remaining voiceprints resident in thestorage media of the FDS 102 using the comparator 312.

In one example, the voiceprints may be compared and scored in thefollowing manner: Consider a total number of voiceprints to be N, whereN=100 and the voiceprints are from a1 to a100. The voiceprints may becompared using a matrix 700 as shown in FIG. 7. The matrix 700 may bearranged such that the voiceprints a1 to a100 are disposed verticallyand horizontally as shown. This arrangement of voiceprints may help ineasy visual comparison of voiceprints.

During a comparison process of the voiceprints, a Relative ComparisonScore (RCS) may be generated for each unique voiceprint. For example, afirst voiceprint generated from a first call data may be compared toeach of the voiceprints generated from additional voiceprints that arestored in the FDS 102. Individual comparisons between a first voiceprintand a second voiceprint data may be generated (along with otheradditional voiceprints).

An RCS gives an indication of similarity between any two voiceprints. Ahigh RCS may indicate a high degree of similarity between twovoiceprints. In the present example, the first voiceprint a1 is comparedwith the additional voiceprints a2 to a100 in a first round ofcomparison. During the first round, it may be found that while comparinga1 and a50, both the voiceprints have similar features. For example, anRCS of 9/10 may be assigned to this pair of voiceprints. Therefore,voiceprints a1 and a50 may be considered to be a match (or substantiallysimilar enough to be considered a match). Similarly, when voiceprints a1and a100 are compared, an RCS of 8/10 may be assigned to this pair ofvoiceprints. In a second round of comparison, a2 may be compared withvoiceprints a3 to a100, and so on.

At 604, the comparator 312 may determine whether the RCS is above orbelow a threshold value (for example 70%) or not. Specifically, thecomparator 312 may mark all voiceprint pairs which have an RCS above thethreshold value in a round. At 606, the marked pair of voiceprintsbelonging to a same round may be grouped together by the grouping module314. Therefore, each group of voiceprints may be considered to belong toa unique fraudster. For example, FIG. 7 shows a plurality of groups 702such as group G1 and group G2. In group G1, voiceprints a1, a50, a70,a100 are present because their RCS was above the threshold value (i.e.70%). Further, the group G1 may also contain call data corresponding tovoiceprint a1, a50, a70, and a100. Similarly, in group G2, voiceprintsa2, a42, a78, and a 90 are present because their RCS was above thethreshold value. unique fraudsters

At 608, the groups formed by the grouping module 314 may be verifiedwith the help of the live agent. Specifically, the live agent may listento the call data. After listening to each of the call data, the liveagent may verify whether the groups formed by the grouping module 314are accurate or not on the basis of voice characteristics and voicefeatures (i.e., how a particular person sounds). In other words, thelive agent may verify whether voiceprints of a same fraudster aregrouped together or not. After the verification of the groups by thelive agent, a master voiceprint may be created for each group ofvoiceprints at 610. The master voiceprints may be created by the mastervoice printing module 316. A master voiceprint may represent a group ofvoiceprints and may be created from one or more voiceprints present in agroup of voiceprints.

A master voiceprint may have best voice features/characteristicsbelonging to a fraudster that are chosen from selected voiceprints. At612, each of the master voiceprints may be screened against each of theN voiceprints to determine which voiceprints among the N voiceprintsmatch a master voiceprint, thereby asserting that one or more groups ofvoiceprints belong to a unique fraudster.

For example, consider a master voiceprint M1 for the group ofvoiceprints G1, wherein M1 is created from the voiceprints present inG1. In the present example, M1 may be screened against all voiceprintspresent in groups G1, G2, and Gn. During a screening process, it may befound that voiceprints present in G1 match the master voiceprint M1.Similarly, a master voiceprint M2 may match the voiceprints present inG2. Therefore, after the complete screening process, it may be assertedthat each group of voiceprints belonged to a unique fraudster. Suchverification processes confirm the accuracy of the FDS 102. In oneembodiment, steps 610 and 612 are optional. In other words, the steps ofcreating master voiceprints and then screening the master voiceprintsagainst the N voiceprints may not be performed.

At 614, each group of call data may be utilized by the live agent tocreate a Fraud Behavioral Model (FBM) for each fraudster. The live agentmay use the GUI module 308 to glean information from multiple calls(call data) made by a same fraudster to determine a FBM for saidfraudster. The FBM for a fraudster may provide information aboutbehavioral characteristics of the fraudster, thereby distinguishing onefraudster from another. Further, the FBM of a fraudster may provideinformation about a mode of operation or a method being used by thefraudster to perpetrate fraud.

In some embodiments, a set of parameters may be checked to determine aFBM for a fraudster. For example, when the live agent is listening tothe call data present in a group, such as group G1 belonging to afraudster X, the live agent may check whether the fraudster X alwaysused a new account for making a transaction or not. If the fraudster Xused a new account for every transaction he made, then the live agentmay conclude that using a new account for every transaction is abehavioral characteristic of the fraudster X.

Further, to determine more about the behavioral characteristics of thefraudster X, the live agent may check whether the fraudster X alwaysordered a same item or a same number of an item or not. If the fraudsterX has ordered a same item or a same number of an item in everytransaction he made, then the live agent may conclude that ordering asame item or a same number of an item is a behavioral characteristic ofthe fraudster X.

Furthermore, the live agent may check whether the fraudster X alwayschose for express shipping, and whether the fraudster X always changedshipping address, and whether the fraudster X always asked for deliveryon a particular day/time of the week, and whether the fraudster X alwayscracked same kind of jokes, and whether the fraudster X always used samekind of idioms/words, and whether the fraudster X always called from asame phone number or from a same geographical location, and whether thefraudster X always called from a same type of telephony service (such asVoIP) or not. Based upon the set of parameters mentioned above, moreinformation about the behavioral characteristics of the fraudster X maybe determined, thereby revealing a FBM for the fraudster X. The FBM ofthe fraudsters may be used to detect fraud in future as explained below.

Optionally, the FBMs of the fraudsters may be used to validate thegroups formed by the grouping module 314. Specifically, in one example,the live agent may group the voiceprints belonging to fraudsters basedupon FBMs of the fraudsters. If the groups formed by the live agentinclude voiceprints corresponding to the voiceprints grouped by thegrouping module 314, then the groups formed by the grouping module 314may be deemed to be validated at 616. In other words, since eachfraudster may exhibit a different FBM, the accuracy of a voiceprintcomparison (or groups of voiceprints) generated from call data may beverified using FBM.

According to some embodiments, a group of voiceprints may be validatedby the live agent only when the comparator 312 indicates a lowconfidence (e.g., a low RCS number) for a pair of voiceprints. Forexample, the comparator 312 may determine that a pair of voiceprints hasan RCS of 6.8/10. In this example, the pair of voiceprints may bevalidated by the live agent using a FBM so as to properly categorize thevoiceprints in an appropriate group.

With respect to generating fraud patterns, subsequent to theidentification of unique fraudsters, the VIE 302 may transfer call databelonging to the unique fraudsters to the analytics engine 304. At 416,the analytics engine 304 may identify one or more fraud patterns foreach of the unique fraudsters. Specifically, the analytics engine 304may use the Fraud Pattern Identifying (FPI) module 320 to identify fraudpatterns from the groups of the call data belonging to the uniquefraudsters.

The fraud patterns may provide details of fraud such a frequency offraud such as how many times did a fraudster perpetrate fraud, a timeand a date of fraud, common voice accents, or whether fraudsters speakin a certain voice accent, for example Asian voice accents. Fraudpatterns may further provide details about phone numbers called from(i.e. whether fraudsters generally use mobile or landline or VoIP tomake calls). Fraud patterns may further provide details about the numberof calls made by each fraudster, a number of enterprises beingvictimized by each fraudster, details of the enterprises beingvictimized, and accomplice details (i.e., whether the fraudsters operatealone or in rings of association).

At 418, fraud patterns generated by the FPI module 320 may be used bythe reports generator 322 to generate exemplary fraud analytics reportsas shown in Tables 1-4 and FIGS. 9-12. In some embodiments, fraudanalytics reports may include visual graphical reports that illustratethe fraud patterns.

In one embodiment, a list of the unique fraudsters may be used to form ablacklist. The blacklist may contain voiceprints of the uniquefraudsters. The blacklist, the fraud analytics reports, and the FBM ofeach fraudster are provisioned into the storage media (e.g., database306) associated with the FDS 102.

The database 306 may be used to detect fraud in future calls.Specifically, at 422 the callers 104 may call the call center 100. At424, the calls may be processed by the call center 100 as explained inFIG. 1. At 426, the call center 100 may communicate a fraud checkrequest along with the call data of the callers to the FDS 102. At 428,the FDS 102 may process the fraud check request. Processing the fraudcheck request may include screening the call data against voiceprintsthe database 306 in real time to determine whether the caller is afraudster.

For example, when a new caller calls the call center 100, his/her namemay be screened against the blacklist, his/her behavior model may bescreened against the existing FBMs, and his/her method of transactionmay be screened against the existing fraud patterns to determine whetherthe new caller is a fraudster. For example, behavioral models of the newcallers may be screened against the existing FBMs of fraudsters todetermine whether any of the new callers has a behavioral model (asdetermined by the live agent) similar to the existing FBMs. If any ofthe new callers has a similar behavioral model, their transactions maybe put under suspect and investigated further. The similarity betweenthe behavioral models of the new callers and the existing FBMs may bedetermined by the live agent, thereby making the FDS 102 more accurateand reliable. Further, since the FDS 102 may include with a plurality ofverification processes such as a blacklist, FBMs, and fraud patterns,the FDS 102 may be used for more accurate analysis of the new caller todetermine whether the new caller is a fraudster or not. At 430, the FDS102 may communicate a fraud check result based upon the processingperformed at step 428. At 432, the call center 100 may accept or denythe transaction based upon the fraud check result.

Advantages of the FDS 102 may be explained with the help of an exemplarycase study explained in FIG. 8. The case study involves an affiliate(enterprise) which is victimized by a plurality of fraudsters.Specifically, FIG. 8 illustrates affiliate fraud, and the subsequentFIGS. 9-12 and Tables 1-4 illustrate the use of the FDS 102 by theaffiliate to understand fraud patterns previously unknown to theaffiliate. The fraud patterns may be used by the affiliate to detectfraud in future. At 800, a legitimate caller may place an order with afirst affiliate of an XYZ company for some goods or services. At 802, afraudster may illicitly obtain order information of the order placed atstep 800. At 804, the fraudster may cancel the order in a call to thefirst affiliate by posing as the legitimate caller. Specifically, thefraudster uses a legitimate caller's identity in the call to cancel theorder with the first affiliate. At 806, the fraudster places anidentical new order with a second affiliate of the XYZ company. At 808,the second affiliate dispatches the goods or services to the legitimatecaller and gets paid. Therefore, in this example, although a sale wasgenerated by the first affiliate, compensation went to the secondaffiliate. Further, in the present example, it may be inferred that thefraudster works for the second affiliate. This type of fraud may bereferred to as affiliate fraud.

To deal with fraud in future, the first affiliate may use the FDS 102explained above. Specifically, FIGS. 9-12 and Tables 1-4 illustrate aresult of the use of the FDS 102 by the first affiliate. The firstaffiliate may communicate call data associated with fraudsters to theFDS 102. For example, the call data may comprise call recordings 255belonging to one or more fraudsters. Each of the call data may comprisea recorded audio conversation between a fraudster and a firstaffiliate's employee.

A receiver module in the FDS 102 may receive the call data transferredthereto by the first affiliate. The receiver module may communicate thecall data to a VIE for uniquely identifying fraudsters in the call data.

Individual call data may be analyzed by the system to generatevoiceprints, fraud patterns, fraud behavioral models, and so forth fromthe call data. Analytics may be performed on the call data to generatereports that are indicative of the types of fraud (or FMBs of individualfraudsters) that are perpetrating fraud against the affiliate.

In the present example, the VIE may find that 15 uniqueindividuals/fraudsters accounted for almost 80% of fraud. In otherwords, a small number of individuals were committing a majority offraud. Table 1 provides details on the unique fraudsters and FIG. 9shows a graphical view of the same. Specifically, Table 1 shows thateach fraudster is given a unique identifier and also tagged with one ofthe names that the fraudsters assumed. More specifically, Table 1 andFIG. 9 provide the following information: a) 15 unique fraudsters, b) 13males, c) 2 females, d) all callers had particular accents, except forone female who had a mixed accent, e) some posed as the customerthemselves, others made the calls on behalf of the customer, oneindividual started off calling in as the affiliate, but then switchedover for later calls to pretending to be the customer (VFS0010), f) manyused a great deal of military spelling (“A like apple”, etc.),indicating a high degree of sophistication interacting with firstaffiliate's employees or call center agents working for the firstaffiliate, g) the remaining 20% of the calls were made by fraudsters whomade less than 4 calls each.

TABLE 1 Identified Fraudsters Other # Names Name Calls Gender AccentPersona Used VFS0001 (Person0) 48 M AccentType1 Affiliate VFS0002(Person1) 14 M AccentType1 Affiliate Montav VFS0003 (Person2) 31 MAccentType1 Affiliate Igual, Baal VFS0004 (Person3) 14 M AccentType1Customer VFS0005 (Person4) 9 F AccentType1 Customer VFS0006 (Person5) 10M AccentType1 Affiliate VFS0007 (Person6) 7 M AccentType1 AffiliateVFS0008 (Person7) 7 M AccentType1 Affiliate VFS0009 (Person8) 5 MAccentType1 Affiliate VFS0010 (Person9) 6 M AccentType1 Both VFS0012(Person10) 8 F Mixed Both VFS0013 (Person11) 29 M AccentType1 AffiliateVFS0014 (Person12) 6 M AccentType1 Affiliate VFS0011 (Person13) 4 MAccentType1 Affiliate VFS0015 (Person14) 8 M AccentType1 Affiliate

Table 2 illustrates how the fraudsters operated within a period of time.FIG. 10 shows an exemplary graphical view of the same. FIG. 11 and FIG.12 show a number of affiliate codes that each fraudster made callsunder. While there were a few fraudsters who used only one affiliate ID,12 fraudsters used multiple IDs. One fraudster used four affiliates andanother used five affiliates. The “affiliate hoppers” are more likely tobe determined as repeat fraudsters.

TABLE 2 Fraud Activity Total affiliates per Fraudster StartDate EndDatefraudster VFS0011 (Person13) 30-Apr. 7-Aug. 2 VFS0013 (Person11) 3-May29-Sep. 3 VFS0003 (Person2) 12-May 1-Oct. 5 VFS0009 (Person8) 18-Jun.6-Aug. 1 VFS0006 (Person5) 1-Jul. 8-Aug. 4 VFS0004 (Person3) 4-Jul.19-Jul. 2 VFS0014 (Person12) 6-Jul. 25-Jul. 1 VFS0002 (Person1) 24-Jul.9-Sep. 2 VFS0005 (Person4) 2-Aug. 25-Sep. 3 VFS0007 (Person6) 4-Aug.22-Jul. 3 VFS0012 (Person10) 9-Aug. 17-Sep. 2 VFS0010 (Person9) 10-Aug.14-Sep. 1 VFS0015 (Person14) 12-Aug. 1-Oct. 2 VFS0008 (Person7) 18-Aug.17-Sep. 2 VFS0001 (Person0) 6-Sep. 7-Oct. 3

Referring now to Table 3 which shows that the unique fraudsters operatedin rings/associations. The live agent may be able to determineassociations among the uniquely identified by forming lists. Forexample, a first list may include fraudsters that used the same set ofaffiliate numbers. A second list may include fraudsters that were on thesame call (e.g., one posing as an affiliate, the other as a customer).These two lists may be used by the live agent to further categorize thefraudsters and place them into rings of association. Based on thisinformation it may be reasonable to conclude that these rings ofassociation were in fact fraud rings working together to execute one ormore types of fraud.

TABLE 3 Fraud Subjects # Affiliates Ring Of Associations 1 VFS0005(Person4) 3 VFS0002 (Person1) 2 Ring Of Associations 2 VFS0006 (Person5) 4 VFS0007 (Person6 ) 3 Ring Of Associations 3 VFS0003 (Person2) 5VFS0001 (Person0) 3 VFS0013 (Person11) 3 VFS0012 (Person10) 2 VFS0011(Person13) 2 VFS0008 (Person7) 2 VFS0015 (Person14) 2 VFS0010 (Person9)1 Solo VFS0001 (Person3) 2 VFS0009 (Person8) 1 VFS0014 (Person12) 1

Referring now to Table 4 which shows an exemplary process 1000 for callscreening new call data. The call data may comprise recordedconversations provided by the first affiliate to the FDS, to detectfraud in subsequent or “new” calls. After screening the new call dataagainst the database 306, it was found that a) eleven new calls wereflagged that had the voice of the fraudsters identified earlier, and b)three new affiliates were identified as being used by fraudster voicesenrolled in a blacklist database 306. Also, individuals from rings #1and #3 were present on new affiliate codes. Once all ring members areknown, then the live agent may again listen to the call data of the ringmembers to understand ways in which the ring members operate in a ring,thereby helping the first affiliate to detect fraud in future. Further,the database 306 may be updated to include more information about thefraudsters. Therefore, it may be understood that the database 306 may beconstantly updated to capture latest methods and techniques used by thefraudsters, and therefore may help to curb fraud in future withoutgetting obsolete easily.

TABLE 4 Affiliate ID Fraud Subject File Name 295421 VFS0010 (Person9)17494_AA336843-DE11CC8D-0C0087AF-28E44829 294091 VFS0010 (Person9)17197_FED075B2-DE11A091-0C0087AF-28E44829 291333 VFS0002 (Person1)12232_BCC5F94F-DE11FB76-0C0087AF-29E44829 291333 VFS0002 (Person1)10693_DC6F20DC-DE110077-0C0087AF-28E44829 291333 VFS0002 (Person1)10672_AC090BB6-DE11C777-0C0087AF-28E44829 294091 VFS0001 (Person0)14918_0CA71D12-DE11AF92-0C0087AF-28E44829 294091 VFS0001 (Person0)17189_E6CE5CAF-DE11D77B-0C0087AF-28E44829 294091 VFS0001 (Person0)17518_C470DA33-DE111C98-0C0096B0-28E44829 294091 VFS0001 (Person0)10672_2642 F8CB-DE110598-0C0096B0-29E44829 294091 VFS0003 (Person12),12232_A4873717-DE114885-0C0087AF-28E44829 VFS0012 (Person10) 294091VFS0003 (Person2) 10805_36F0E0C9-DE119A7C-0C0087AF-28E44829

According to some embodiments, rather than initially comparing call datato fraud patterns, the present technology may be adapted to screen calldata and/or call metadata (e.g. time stamp, caller id, etc.) and groupcalls together according to similar transaction data such as productsidentification, product quantities, shipping zip code, and so forth. Thepresent technology may then evaluate the voiceprints for each caller inthe group to determine information such as asserted identities, commonaccents, similar phraseology, or other voice information that wouldindicate that the caller is a fraudster.

FIG. 13 of the drawings shows hardware 1300 associated with an exemplarycomputing system that may be used to implement methods and systems (i.e.the FDS 102) disclosed herein. The hardware 1300 typically includes atleast one processor 1302 coupled to a memory 1304. The processor 1302may represent one or more processors (e.g. microprocessors), and thememory 1304 may represent random access memory (RAM) devices comprisinga main storage of the hardware 1300, as well as any supplemental levelsof memory, e.g., cache memories, non-volatile or back-up memories (e.g.programmable or flash memories), read-only memories, etc. In addition,the memory 1304 may be considered to include memory storage physicallylocated elsewhere in the hardware 1300, e.g. any cache memory in theprocessor 1302 as well as any storage capacity used as a virtual memory,e.g., as stored on a mass storage device 1310.

The hardware 1300 also typically receives a number of inputs and outputsfor communicating information externally. For an interface with a useror operator, the hardware 1300 may include one or more user inputdevices 1306 (e.g., a keyboard, a mouse, imaging device, scanner, etc.)and a one or more output devices 1308 (e.g., a Liquid Crystal Display(LCD) panel, a sound playback device (speaker). To embody the presentdisclosure, the hardware 1300 must include at least one touch screendevice (for example, a touch screen), an interactive whiteboard or anyother device which allows the user to interact with a computer bytouching areas on the screen.

For additional storage, the hardware 1300 may also include one or moremass storage devices 1310, e.g., a floppy or other removable disk drive,a hard disk drive, a Direct Access Storage Device (DASD), an opticaldrive (e.g. a Compact Disk (CD) drive, a Digital Versatile Disk (DVD)drive, etc.) and/or a tape drive, among others. Furthermore, thehardware 1300 may include an interface with one or more networks 1312(e.g., a local area network (LAN), a wide area network (WAN), a wirelessnetwork, and/or the Internet among others) to permit the communicationof information with other computers coupled to the networks. It shouldbe appreciated that the hardware 1300 typically includes suitable analogand/or digital interfaces between the processor 1302 and each of thecomponents 1304, 1306, 1308, and 1312 as is well known in the art.

The hardware 1300 operates under the control of an operating system1314, and executes various computer software applications, components,programs, objects, modules, etc. to implement the techniques describedabove. In particular, the computer software applications will includethe client dictionary application, in the case of the client userdevice. Moreover, various applications, components, programs, objects,etc., collectively indicated by reference 1316 in FIG. 13, may alsoexecute on one or more processors in another computer coupled to thehardware 1300 via a network 1312) e.g., in a distributed computingenvironment, whereby the processing required to implement the functionsof a computer program may be allocated to multiple computers over anetwork.

In general, the routines executed to implement the embodiments of thedisclosure may be implemented as part of an operating system or aspecific application, component, program, object, module or sequence ofinstructions referred to as “computer programs.” The computer programstypically comprise one or more instructions set at various times invarious memory and storage devices in a computer, and that, when readand executed by one or more processors in a computer, cause the computerto perform operations necessary to execute elements involving thevarious aspects of the disclosure. Moreover, while the disclosure hasbeen described in the context of fully functioning computers andcomputer systems, those skilled in the art will appreciate that thevarious embodiments of the disclosure are capable of being distributedas a program product in a variety of forms, and that the disclosureapplies equally regardless of the particular type of computer-readablemedia used to actually effect the distribution. Examples ofcomputer-readable media include but are not limited to recordable typemedia such as volatile and non-volatile memory devices, floppy and otherremovable disks, hard disk drives, optical disks (e.g., Compact DiskRead-Only Memory (CD-ROMs), Digital Versatile Disks (DVDs), flashmemory, etc.), among others. Another type of distribution may beimplemented as Internet downloads.

While certain exemplary embodiments have been described and shown in theaccompanying drawings, it is to be understood that such embodiments aremerely illustrative and not restrictive of the broad disclosure and thatthis disclosure is not limited to the specific constructions andarrangements shown and described, since various other modifications mayoccur to those ordinarily skilled in the art upon studying thisdisclosure. In an area of technology such as this, where growth is fastand further advancements are not easily foreseen, the disclosedembodiments may be readily modifiable in arrangement and detail asfacilitated by enabling technological advancements without departingfrom the principals of the present disclosure.

In the foregoing specification, specific embodiments of the presentdisclosure have been described. However, one of ordinary skill in theart appreciates that various modifications and changes can be madewithout departing from the scope of the present disclosure as set forthin the claims below. Accordingly, the specification and figures are tobe regarded in an illustrative rather than a restrictive sense, and allsuch modifications are intended to be included within the scope ofpresent disclosure. The benefits, advantages, solutions to problems, andany element(s) that may cause any benefit, advantage, or solution tooccur or become more pronounced are not to be construed as a critical,required, or essential features or elements of any or all the claims.The disclosure is defined solely by the appended claims including anyamendments made during the pendency of this application and allequivalents of those claims as issued.

What is claimed is:
 1. A method for analyzing call data associated withfraudsters, the method comprising: executing instructions stored inmemory, the instructions to be executed by a processor, the instructionsbeing configured to: responsive to receiving first call data associatedwith fraudsters: (a) generate a voiceprint for each fraudster in thefirst call data such that a first plurality of voiceprints aregenerated; (b) retrieve from a blacklist database a second plurality ofvoiceprints; (c) compare each voiceprint of the first plurality ofvoiceprints with each voiceprint of the second plurality of voiceprintsto generate a plurality of relative comparison scores, wherein thecomparing is performed using a matrix arranged such that the firstplurality of voiceprints are disposed on a first axis of the matrix, thesecond plurality of voiceprints are disposed on a second axis of thematrix, and such that cells of the matrix include a relative comparisonscore for each voiceprint pair, wherein relative comparison scores arenumerical values that indicate a degree of similarity between twovoiceprints; (d) group together voiceprint pairs having relativecomparison scores above or below a predetermined threshold values; (e)generate a master voiceprint for the group; and (f) store the mastervoiceprint in the blacklist database, wherein the master voiceprint issubsequently used for screening new call data to detect fraud in a newcall.
 2. The method of claim 1, wherein the instructions are furtherconfigured to: generate a fraud behavioral model for one or morevoiceprints in the group, the fraud behavioral model including data thatidentifies behaviors of a unique fraudster; and validate the associationof two or more voiceprints by comparing call data of the two or morevoiceprints with the fraud behavioral model.
 3. The method of claim 2,wherein the fraud behavior model is generated at least by executingfurther instructions stored in memory configured to: extract keywordsfrom the call data that are indicative of fraud; identify fraud patternsfrom the keywords; and store the fraud patterns in a database.
 4. Themethod of claim 3, wherein the instructions are further configured to:generate a fraud analytics report based on the fraud patterns, the fraudanalytics report comprising a set of visual graphs illustrating thefraud patterns, wherein a visual graph of the set of visual graphscomprises a first axis associated with a uniquely identified fraudsterand a second axis associated with a number of calls made.
 5. The methodof claim 3, wherein a visual graph of the set of visual graphs comprisesa first axis associated with a uniquely identified fraudster and asecond axis associated with a number of accounts.
 6. The method of claim3, wherein keywords include any of a credit card number, a socialsecurity number, a bank account number, a telephone number, a name, alocation, a username, a password, personally identifiable information,and combinations thereof.
 7. A non-transitory computer readable storagemedia having a program embodied thereon, the program being executable bya processor to perform a method for analyzing call data associated withfraudsters, the method comprising: responsive to receiving first calldata associated with fraudsters: (a) generating a voiceprint for eachfraudster in the first call data such that a first plurality ofvoiceprints are generated; (b) retrieving from a blacklist database asecond plurality of voiceprints; (c) comparing each voiceprint of thefirst plurality of voiceprints with each voiceprint of the secondplurality of voiceprints to generate a plurality of relative comparisonscores, wherein the comparing is performed using a matrix arranged suchthat the first plurality of voiceprints are disposed on a first axis ofthe matrix, the second plurality of voiceprints are disposed on a secondaxis of the matrix, and such that cells of the matrix include a relativecomparison score for each voiceprint pair, wherein relative comparisonscores are numerical values that indicate a degree of similarity betweentwo voiceprints; (d) grouping together voiceprint pairs having relativecomparison scores above or below a predetermined threshold values; (e)generating a master voiceprint for the group; and (f) storing the mastervoiceprint in the blacklist database, wherein the master voiceprint issubsequently used for screening new call data to detect fraud in a newcall.
 8. The non-transitory computer readable storage media of claim 7,wherein the method further includes: generating a fraud behavioral modelfor one or more voiceprints in the group, the fraud behavioral modelincluding data that identifies behaviors of a unique fraudster; andvalidating the association of two or more voiceprints by comparing calldata of the two or more voiceprints with the fraud behavioral model. 9.The non-transitory computer readable storage media of claim 8, whereinthe fraud behavior model is generated at least by: extracting keywordsfrom the call data that are indicative of fraud; identifying fraudpatterns from the keywords; and storing the fraud patterns in adatabase.
 10. The non-transitory computer readable storage media ofclaim 9, wherein the method further includes: generating a fraudanalytics report based on the fraud patterns, the fraud analytics reportcomprising a set of visual graphs illustrating the fraud patterns,wherein a visual graph of the set of visual graphs comprises a firstaxis associated with a uniquely identified fraudster and a second axisassociated with a number of calls made.
 11. The non-transitory computerreadable storage media of claim 9, wherein a visual graph of the set ofvisual graphs comprises a first axis associated with a uniquelyidentified fraudster and a second axis associated with a number ofaccounts.
 12. The non-transitory computer readable storage media ofclaim 9, wherein keywords include any of a credit card number, a socialsecurity number, a bank account number, a telephone number, a name, alocation, a username, a password, personally identifiable information,and combinations thereof.
 13. A system for analyzing call dataassociated with fraudsters, the system comprising: a memory for storingexecutable instructions; a processor for executing the instructions, theexecutable instructions including: a voice printing module that,responsive to receiving first call data associated with fraudsters,generates a voiceprint for each fraudster in the first call data suchthat a first plurality of voiceprints are generated; a comparator modulethat retrieves from a blacklist database a second plurality ofvoiceprints, compares each voiceprint of the first plurality ofvoiceprints with each voiceprint of the second plurality of voiceprintsto generate a plurality of relative comparison scores, wherein thecomparing is performed using a matrix arranged such that the firstplurality of voiceprints are disposed on a first axis of the matrix, thesecond plurality of voiceprints are disposed on a second axis of thematrix, and such that cells of the matrix include a relative comparisonscore for each voiceprint pair, wherein relative comparison scores arenumerical values that indicate a degree of similarity between twovoiceprints; and a grouping module that groups together voiceprint pairshaving relative comparison scores above or below a predeterminedthreshold values; a master voice printing module that generates a mastervoiceprint for the group and stores the master voiceprint in theblacklist database, wherein the master voiceprint is subsequently usedfor screening new call data to detect fraud in a new call.
 14. Thesystem of claim 13, further comprising a fraud pattern identifyingmodule that: generates a fraud behavioral model for one or morevoiceprints in the group, the fraud behavioral model including data thatidentifies behaviors of a unique fraudster; and validates theassociation of two or more voiceprints by comparing call data of the twoor more voiceprints with the fraud behavioral model.
 15. The system ofclaim 14 further comprising: an analytics module that extract keywordsfrom the call data that are indicative of fraud; and wherein the fraudpattern identifying module generates the fraud behavior model by atleast identifying fraud patterns from the keywords and storing the fraudpatterns in a database.
 16. The system of claim 15, wherein the methodfurther includes: a reports generator that generates a fraud analyticsreport based on the fraud patterns, the fraud analytics reportcomprising a set of visual graphs illustrating the fraud patterns,wherein a visual graph of the set of visual graphs comprises a firstaxis associated with a uniquely identified fraudster and a second axisassociated with a number of calls made.
 17. The system of claim 15,wherein a visual graph of the set of visual graphs comprises a firstaxis associated with a uniquely identified fraudster and a second axisassociated with a number of accounts.
 18. The system of claim 15,wherein keywords include any of a credit card number, a social securitynumber, a bank account number, a telephone number, a name, a location, ausername, a password, personally identifiable information, andcombinations thereof.